UPSSET.CONF(5) NUT Manual UPSSET.CONF(5)
NAME
upsset.conf - Configuration for Network UPS Tools upsset.cgi
DESCRIPTION
This file only does one job--it lets you convince upsset.cgi(8) that
your system's CGI directory is secure. The program will not run until
this file has been properly defined.
SECURITY REQUIREMENTS
upsset.cgi(8) allows you to try login name and password combinations.
There is no rate limiting, as the program shuts down between every
request. Such is the nature of CGI programs.
Normally, attackers would not be able to access your upsd(8) server
directly as it would be protected by the LISTEN directives in your
upsd.conf(5) file, tcp-wrappers (if available when NUT was built), and
hopefully local firewall settings in your OS.
upsset runs on your web server, so upsd will see it as a connection
from a host on an internal network. It doesn't know that the connection
is actually coming from someone on the outside. This is why you must
secure it.
On Apache, you can use the .htaccess file or put the directives in your
httpd.conf. It looks something like this, assuming the .htaccess method
for older Apache releases:
deny from all
allow from your.network.addresses
You will probably have to set "AllowOverride Limit" for this directory
in your server-level configuration file as well.
Modern Apache enjoys a more detailed syntax, like this:
ScriptAlias /upsstats.cgi /usr/share/nut/cgi/upsstats.cgi
ScriptAlias /upsset.cgi /usr/share/nut/cgi/upsset.cgi
Options +Includes +ExecCGI
AllowOverride Limit
Require local
Require ip aa.bb.cc.dd/nn
If this doesn't make sense, then stop reading and leave this program
alone. It's not something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then
you may add the following directive to this file:
I_HAVE_SECURED_MY_CGI_DIRECTORY
If you lie to the program and someone beats on your upsd through your
web server, don't blame me.
SEE ALSO
upsset.cgi(8)
Internet resources:
The NUT (Network UPS Tools) home page: https://www.networkupstools.org/
Network UPS Tools 2.8.2 05/20/2024 UPSSET.CONF(5)